什麼是Docker？

Docker是一個開發、交付、運行程序的開放的平臺。Docker讓你可以從你的架構中將你的應用分隔(分離)開,讓你可以快速的進行交付。通過Docker,您可以用您平時管理單個應用相同的方式管理您的整個架構。透過運用Docker在程式碼發布、測試及部署方面的方法論，您可以大幅縮短從編寫程式碼到在生產環境中執行之間的延遲。

Docker 平臺

Docker提供在一個基本分離的被稱爲容器的環境進行打包和運行應用程式的能力。這種隔離及安全性可以讓你在同一臺主機上同時運行多個容器。容器是輕量的，並具備運行應用所需的所有依賴，因此，您無需依賴主機上已安裝的軟體。您可以在工作時分享容器，並確保所有接收者都能獲得運作方式完全相同的容器。

Docker 提供了一套工具和平台，用於管理容器的生命週期:

• 使用容器開發您的應用程式及其相關元件
• 容器成為部署和測試您應用程式的基本單位
• 準備就緒後，請將您的應用程式部署至生產環境，形式可以是容器或經協調的服務. 無論您的生產環境是本地資料中心、雲端服務供應商，還是兩者的混合部署，此方法皆適用.

Docker可以用於做什麼？

快速且穩定地交付您的應用程式

Docker透過讓開發人員在標準化環境中使用本地容器來執行應用程式與服務，從而簡化開發生命週期。容器非常適合用於持續整合與持續交付（CI/CD）工作流程。

請考慮以下範例情境:

• 您的開發人員在本地編寫程式碼，並透過Docker容器與同事分享工作成果.
• 他們使用Docker將應用程式部署到測試環境中，並執行自動化與手動測試.
• 當開發人員發現錯誤時，他們可以在開發環境中進行修正，並將其重新部署至測試環境進行測試與驗證.
• 測試完成後，只需將更新的映像檔推送至生產環境，即可輕鬆將修正程式交付給客戶.

響應式部署與擴展

Docker基於容器的平台能實現高度可移植的工作負載。Docker容器可在開發者的本地筆記型電腦、資料中心的實體或虛擬機器、雲端服務供應商的環境，或是混合環境中運行.

Docker 的可移植性與輕量級特性，也使其能輕鬆地動態管理工作負載，並能根據業務需求，近乎即時地擴展或終止應用程式與服務。

在相同的硬件上運行更多的工作載荷

Docker 輕量且快速。它為基於虛擬管理程式的虛擬機器提供了可行且具成本效益的替代方案，讓您能更充分地利用伺服器容量來達成業務目標。Docker 非常適合高密度環境，以及需要以更少的資源完成更多任務的中小型部署。.

Docker 架構

Docker 採用客戶端-伺服器架構。Docker 客戶端與 Docker 守護程式進行通訊，後者負責執行建置、運行及分發 Docker 容器的繁重工作。Docker 客戶端與守護程式可以運行在同一系統上，您也可以將 Docker 客戶端連接到遠端的 Docker 守護程式。Docker 客戶端與守護程式透過 REST API、UNIX 套接字或網路介面進行通訊。另一種 Docker 客戶端是 Docker Compose，它讓您能夠管理由一組容器組成的應用程式.

Docker 守護進程(daemon)

Docker的守護進程 (dockerd) 監聽 Docker API 請求，並管理 Docker 物件，例如映像檔、容器、網路和儲存卷。守護程式亦可與其他守護程式通訊，以管理 Docker 服務.

Docker 客戶端

Docker的客戶端(docker)這是許多Docker使用者與Docker互動的主要方式.當你使用命令如 docker run,客戶端將這些指令傳送至dockerd,它負責執行這些命令.該docker命令使用Docker API跟守護進程通信，Docker客戶端可以與多個守護程式進行通訊。

Docker 桌面版

Docker Desktop is an easy-to-install application for your Mac, Windows, or Linux environment that enables you to build and share containerized applications and microservices. Docker Desktop includes the Docker daemon (dockerd), the Docker client (docker), Docker Compose, Docker Content Trust, Kubernetes, and Credential Helper. For more information, see Docker Desktop.

Docker registries

A Docker registry stores Docker images. Docker Hub is a public registry that anyone can use, and Docker looks for images on Docker Hub by default. You can even run your own private registry.

When you use the docker pull or docker run commands, Docker pulls the required images from your configured registry. When you use the docker push command, Docker pushes your image to your configured registry.

Docker 對象

When you use Docker, you are creating and using images, containers, networks, volumes, plugins, and other objects. This section is a brief overview of some of those objects.

鏡像

An image is a read-only template with instructions for creating a Docker container. Often, an image is based on another image, with some additional customization. For example, you may build an image that is based on the Ubuntu image but includes the Apache web server and your application, as well as the configuration details needed to make your application run.

You might create your own images or you might only use those created by others and published in a registry. To build your own image, you create a Dockerfile with a simple syntax for defining the steps needed to create the image and run it. Each instruction in a Dockerfile creates a layer in the image. When you change the Dockerfile and rebuild the image, only those layers which have changed are rebuilt. This is part of what makes images so lightweight, small, and fast, when compared to other virtualization technologies.

容器

A container is a runnable instance of an image. You can create, start, stop, move, or delete a container using the Docker API or CLI. You can connect a container to one or more networks, attach storage to it, or even create a new image based on its current state.

By default, a container is relatively well isolated from other containers and its host machine. You can control how isolated a container's network, storage, or other underlying subsystems are from other containers or from the host machine.

A container is defined by its image as well as any configuration options you provide to it when you create or start it. When a container is removed, any changes to its state that aren't stored in persistent storage disappear.

Example docker run command

The following command runs an ubuntu container, attaches interactively to your local command-line session, and runs /bin/bash.

 docker run -i -t ubuntu /bin/bash

When you run this command, the following happens (assuming you are using the default registry configuration):

1. If you don't have the ubuntu image locally, Docker pulls it from your configured registry, as though you had run docker pull ubuntu manually.
2. Docker creates a new container, as though you had run a docker container create command manually.
3. Docker allocates a read-write filesystem to the container, as its final layer. This allows a running container to create or modify files and directories in its local filesystem.
4. Docker creates a network interface to connect the container to the default network, since you didn't specify any networking options. This includes assigning an IP address to the container. By default, containers can connect to external networks using the host machine's network connection.
5. Docker starts the container and executes /bin/bash. Because the container is running interactively and attached to your terminal (due to the -i and -t flags), you can provide input using your keyboard while Docker logs the output to your terminal.
6. When you run exit to terminate the /bin/bash command, the container stops but isn't removed. You can start it again or remove it.

底層技術

Docker is written in the Go programming language and takes advantage of several features of the Linux kernel to deliver its functionality. Docker uses a technology called namespaces to provide the isolated workspace called the container. When you run a container, Docker creates a set of namespaces for that container.

These namespaces provide a layer of isolation. Each aspect of a container runs in a separate namespace and its access is limited to that namespace.

返回：容器引擎